To: "Larson, Matt" <mlarson@verisign.com>
cc: dnsop@cafax.se, aroot@ops.ietf.org
From: Jerry Scharf <scharf@vix.com>
Date: Mon, 06 Nov 2000 14:41:43 -0800
In-reply-to: Your message of "Mon, 06 Nov 2000 16:39:40 EST." <DF737E620579D411A8E400D0B77E671D4296FB@regdom-ex01.prod.netsol.com>
Sender: owner-dnsop@cafax.se
Subject: Re: Anycast root metrics and analysis

Remember that some day (hopefully sooner rather than later) this zone is going to be signed, most likely with a working key signed against a static metakey. Every time the working key changes, every SIG in the zone changes, so there will be much more to the root zone in the future. I don't think anyone has an answer on how long the working keys last, but it might be something like monthly.

I don't think this changes the anycast stuff in any way, but it does change the significance of coherence of the slaves (expired SIGs on an authoritative root server would be 'a bad thing.') Perhaps there should be something that takes a server offline if a zone transfer hasn't happened and the SIGs are close to expiry time. This is just as true for old style servers.

I had been thinking about a requirement for external monitoring of any server that wants to join the root set. It would be an interesting project and I would be willing to contribute time to making that happen. A web site that everyone knows where to go to look at the root server set structure could go a good way towards mitigating the confusion factor of anycast.

jerry
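
Added example, not part of the original message or of any root server software: a sketch of the check suggested above, which withdraws a server when its zone copy has not been refreshed and its signatures are near expiry. The sample records, the function names and both thresholds are assumptions made for illustration.

```python
from datetime import datetime, timedelta, timezone

# Constructed sample records in SIG/RRSIG presentation format (not real root zone data).
SAMPLE_ZONE = """\
.    86400  IN SOA a.example. admin.example. 2000110601 1800 900 604800 86400
.    86400  IN SIG SOA 1 0 86400  20001206000000 20001106000000 12345 . c2FtcGxl
.    518400 IN SIG NS  1 0 518400 20001120000000 20001106000000 12345 . c2FtcGxl
com. 172800 IN SIG NXT 1 1 172800 20001206000000 20001106000000 12345 . c2FtcGxl
"""

def parse_sig_time(text):
    """Signature times in presentation form are YYYYMMDDHHMMSS in UTC."""
    return datetime.strptime(text, "%Y%m%d%H%M%S").replace(tzinfo=timezone.utc)

def earliest_expiry(zone_text):
    """Earliest signature expiration over all SIG/RRSIG records, or None if unsigned."""
    expiries = []
    for line in zone_text.splitlines():
        f = line.split()
        # owner ttl class type covered alg labels orig_ttl expiration inception ...
        if len(f) >= 10 and f[3] in ("SIG", "RRSIG"):
            expiries.append(parse_sig_time(f[8]))
    return min(expiries) if expiries else None

def should_withdraw(zone_text, last_transfer, now,
                    max_transfer_age=timedelta(days=2),   # assumed threshold
                    expiry_margin=timedelta(days=3)):     # assumed threshold
    """True when the zone copy is stale and its signatures are close to expiry."""
    expiry = earliest_expiry(zone_text)
    if expiry is None:
        return False              # unsigned zone: nothing can expire
    if expiry <= now:
        return True               # assumption of this example: never serve expired SIGs
    stale = now - last_transfer > max_transfer_age
    return stale and (expiry - now) <= expiry_margin

if __name__ == "__main__":
    now = datetime(2000, 11, 18, tzinfo=timezone.utc)
    last = datetime(2000, 11, 10, tzinfo=timezone.utc)
    print("earliest SIG expiry:", earliest_expiry(SAMPLE_ZONE))
    print("withdraw from service:", should_withdraw(SAMPLE_ZONE, last, now))
```

The decision is the same for an anycast instance and for an old style server; only the action taken on a True result differs (for example, stopping the route announcement versus stopping the name server).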